What is claimed is:

1. A method of determining if a link is alive, comprising:

establishing a secure link between a first node and a second node according to a security protocol;

sending at least one ping message targeting the second node over the secure link, the at least one ping message defined outside the security protocol; and

monitoring for at least one ping reply to determine if the secure link is alive.

2. The method of claim 1, wherein establishing the secure link comprises establishing a virtual private network session.

3. The method of claim 1, wherein establishing the secure link comprises establishing a link protected by an Internet Protocol Security protocol.

4. The method of claim 3, wherein sending the at least one ping message comprises sending at least one Internet Control Message Protocol message.

5. The method of claim 1, wherein sending the at least one ping message comprises sending at least one Internet Control Message Protocol message.

6. The method of claim 1, wherein establishing the secure link comprises establishing the secure link between first and second nodes each comprising a security gateway.

7. The method of claim 6, further comprising sending at least one ping message targeting another node behind the second node.

8. The method of claim 7, further comprising monitoring for at least one ping reply from the other node.



9. The method of claim 1, further comprising tearing down the secure link if the secure link is determined not to be alive.

10. The method of claim 9, wherein tearing down the secure link comprises tearing down a security association according to an Internet Protocol Security protocol.

11. A method of communicating with a remote node, comprising:

establishing a secure link between a first security gateway and a second security gateway, the remote node in communication with the second security gateway;

sending at least one ping message to the remote node over the secure link and through the second security gateway; and

monitoring for at least one ping reply from the remote node to determine if the secure link is alive.

12. The method of claim 11, wherein establishing the secure link comprises establishing a secure link protected according to an Internet Protocol Security protocol.

13. The method of claim 11, wherein establishing the secure link comprises establishing a virtual private network session.

14. The method of claim 11, wherein establishing the secure link comprises establishing a secure link protected according to a security protocol.

15. The method of claim 14, wherein sending the at least one ping message comprises sending at least one ping message defined outside the security protocol.

16. The method of claim 15, wherein sending the at least one ping message comprises sending an Internet Control Message Protocol message.

17. The method of claim 16, wherein establishing the secure link comprises establishing a secure link protected according to an Internet Protocol Security protocol.

18. A system for communicating between a network element and a remote node, comprising:

a security module adapted to establish a secure link with the remote node, the secure link having a security mechanism according to a security protocol; and

a keep-alive module adapted to send at least one ping message over the secure link to the remote node, the at least one ping message defined outside the security protocol.

19. The system of claim 18, wherein the security protocol comprises an Internet Protocol Security protocol.

20. The system of claim 18, wherein the at least one ping message comprises an Internet Control Message Protocol message.

21. The system of claim 18, further comprising:

an interface to a packet-based network, the secure link established over the packet-based network; and

a layer to control communications over the packet-based network.

22. The system of claim 21, wherein the layer comprises an Internet Protocol layer.

23. The system of claim 18, wherein the keep-alive module is adapted to further monitor for at least one ping reply responsive to the at least one ping message to determine if the secure link is alive.

24. The system of claim 23, wherein the security module is adapted to tear down a security association of the secure link if the secure link is not alive.

25. The system of claim 24, wherein the security association comprises an Internet Protocol Security protocol security association.

26. The system of claim 18, wherein the keep-alive module is adapted to further monitor for at least one ping reply responsive to the at least one ping message to determine if the secure link is alive, the system further comprising a module adapted to establish a link over a secondary communication network if the secure link is not alive.

27. An article comprising at least one storage medium containing instructions for controlling communications, the instructions when executed causing a controller to:

establish a secure link between a first node and a second node according to a security protocol;

send at least one ping message targeting the second node over the secure link, the at least one ping message defined outside the security protocol; and

monitor for at least one ping reply to determine if the secure link is alive.

28. The article of claim 27, wherein the instructions when executed cause the controller to further establish an Internet Protocol security association for the secure link.

29. The article of claim 28, wherein the instructions when executed cause the controller to tear down the security association if the controller does not receive the at least one ping reply.

30. The article of claim 27, wherein the controller is part of the first node.

31. A data signal embodied in a carrier wave and containing instructions for controlling communications, the instructions when executed causing a system to:

establish a secure link between a first gateway and a second gateway;

send at least one ping message to a remote node over the secure link and through the second security gateway; and

monitor for at least one ping reply from the remote node to determine if the secure link is alive.



